-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(follower): do not cache authentication tokens #326
fix(follower): do not cache authentication tokens #326
Conversation
Avoid caching authentication tokens in the client since they can expire. In those cases the client cannot invalidate the expired token, hence it will not have permission to access the resources. Each time the client will acquire a new token based on it's configuration. Remember that this change does not affect the underlying credential helper's cache. Signed-off-by: Aldo Lacuku <[email protected]>
/hold |
1025bfc
to
7af0093
Compare
When we create the http client for a given repository the code checks if it is somehow configured. It caches a function called `credentialFunction`. This function knows how to retrieve the credentials for a given repository. For unconfigured repositories, or repositories that fail to get valid credentials using their `credentialFunction,` we cache an `emptyCredential function`. This causes trouble in case of transient errors causing the client to not recover. This commit avoids caching the `emptyCredential function` in such cases or for unconfigured repositories. Signed-off-by: Aldo Lacuku <[email protected]>
7af0093
to
97c73ef
Compare
/unhold @FedeDP ready for review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alacuku, FedeDP The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
LGTM label has been added. Git tree hash: 5a2a22bc70296bbbdbc2dab7cfbe6a7d57a02d63
|
What type of PR is this?
/kind bug
Any specific area of the project related to this PR?
/area cli
What this PR does / why we need it:
Token caching in the client
Avoid caching authentication tokens in the client since they can expire. In those cases the client cannot invalidate the expired token, hence it will not have permission to access the resources.
Each time the client will acquire a new token based on it's configuration. Remember that this change does not affect the underlying credential helper's cache.
CredentialFuncs caching for repositories
When we create the http client for a given repository the code checks if it is somehow configured. It caches a function called
credentialFunction
. This function knows how to retrieve the credentials for a given repository. For unconfigured repositories, or repositories that fail to get valid credentials using theircredentialFunction,
we cache anemptyCredential function
. This causes trouble in case of transient errors causing the client to not recover. This commit avoids caching theemptyCredential function
in such cases or for unconfigured repositories.Remember that the caching of
credentialFunctions
prevents falcoctl in follow mode to pick up new configurations for repositories that at startup time had a working configuration.Which issue(s) this PR fixes:
Fixes #325
Special notes for your reviewer: